Hi ZmnSCPxj,
Allow me to reply to your post in mixed order (fraud proofs first):
>But peers can be set up to allow you to hear of all chains while denying you
>proof of the invalidity of some UTXO.
I don't believe this is fundamentally different. In either scenario
you end up on the wrong
Good morning Ruben,
> Hi ZmnSCPxj,
>
> > There is no safe way to use UTXO sets without identifying who is telling
> > you those sets are valid, or making it expensive to lie
> > The first option requires trust and is weaker than SPV, the second requires
> > committing to a proof-of-work
>
>
Hi ZmnSCPxj,
>There is no safe way to use UTXO sets without identifying who is telling you
>those sets are valid, or making it expensive to lie
>The first option requires trust and is weaker than SPV, the second requires
>committing to a proof-of-work
Olaoluwa Osuntokun's BIP157 manages to
Good morning,
> > As I understand it, this requires that UTXO commitments be mandatory.
>
> Perhaps UTXO sets can be made useful without committing them. I have
> some very loose thoughts on the subject, I consider it an open
> question.
There is no safe way to use UTXO sets without identifying
Hi ZmnSCPxj and Ethan,
I apologize if my initial explanation was confusing, but it looks like
you figured it out. For every fork, SPV clients only have to download
one block. If there is a fork after block N, this means there are two
blocks at N+1. You only download and verify N+1 from the longer
Good morning Ethan,
> My above email contains an error. The SPV client needs to only
> download S+1, not S+1 and S+2.
>
> I agree with you that a weakness of this approach is a miner can make
> SPV clients do substantially more work. However:
>
> 1. Mining a block which will never be accepted is
Good morning to you as well ZmnSCPxj,
My above email contains an error. The SPV client needs to only
download S+1, not S+1 and S+2.
I agree with you that a weakness of this approach is a miner can make
SPV clients do substantially more work. However:
1. Mining a block which will never be
Good morning Ethan,
Thank you for clarifying, I understand better now.
It seems that minority miners can disrupt SPV clients such that SPV clients
will download 2 blocks for every block the minority miner can find, not 1.
This can be done by simply making multiple 1-block chainsplits, rather
Hi ZmnSCPxj,
Let's see if I understand what you are saying. In your scenario chain
A consists of honest miners (10% of the hash rate) and chain B (90%
of the hash rate) consists of dishonest miners who are inflating the
coin supply.
Chain A: S, S+1
Chain B: S, S+1 (invalid), S+2, S+3, S+4, S+5,
Good morning Ethan,
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Friday, April 19, 2019 4:12 AM, Ethan Heilman wrote:
> I'm probably repeating a point which has been said before.
>
> > I suppose a minority miner that wants to disrupt the network could simply
> >
I'm probably repeating a point which has been said before.
>I suppose a minority miner that wants to disrupt the network could simply
>create a *valid* block at block N+1 and deliberately ignore every other valid
>block at N+1, N+2, N+3 etc. that it did not create itself.
If this minority miner
Good morning Ruben,
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Thursday, April 18, 2019 9:44 PM, Ruben Somsen via bitcoin-dev
wrote:
> Simplified-Payment-Verification (SPV) is secure under the assumption
> that the chain with the most Proof-of-Work (PoW) is valid.
12 matches
Mail list logo
